GDPR After Brexit: How It May Affect Cold Email?

There’s a lot of uncertainty around the United Kingdom leaving the European Union. Since some of you target the UK, I think you wonder what will happen there in terms of GDPR. Will GDPR be still relevant after Brexit? Let’s see.

This blog post was written with the cooperation of Margaret Sikora, our Product Manager and Data Protection Officer at Woodpecker.

Disclaimer: You should treat this post as a guide that will help you understand the principles of GDPR. Please do not treat it as legal advice. If you’re looking for legal advice, contact a lawyer after reading this post and ask them for advice and answers to specific questions about your case.

GDPR: A quick recap

GDPR regulates processing personal data in the EU and/or of the EU citizens. It’s been binding since May 25, 2018. It was supposed to protect the citizens against any data violation or mismanagement. Because we handle personal data while doing cold email outreach, GDPR applies to those of us who send cold emails.

If you wish to know more about it, we have a comprehensive guide that will walk you through steps you need to take to do cold email outreach under GDPR.

What about GDPR after Brexit?

Since GDPR is an EU-related regulation, it may seem that the UK should not be bound by it after leaving the European Union. So we don’t have to trouble yourself with GDPR compliance there. Is that really true?

First of all, let’s face it – the UK leaving the EU is not something easy or quickly doable. It’s a process which requires patience, careful planning, and good governance to be correctly conducted. No wonder we feel uncertain about repercussions and how those are managed.

Nonetheless, as we could have observed in the media when GDPR was being introduced, it wasn’t only the EU countries that have been affected by GDPR. Numerous non-EU countries went crazy about data safety just to provide satisfying standards to facilitate cooperation with EU based companies. Thus, we can’t ignore GDPR even if we’re not from the European Union. Would the UK be able to ignore it, then?

How Brexit will affect cold emailing?

For the majority of our readers, I bet the most interesting thing is whether it’s possible that Brexit will affect cold mailing that goes out and to the UK. The answer is yes!

GDPR requires an adequate level of protection – just as any data processing which takes place outside of the EU(cold mailing included). In other words, it is prohibited to send data outside of the EU unless we can confirm that the country provides an adequate level of protection.

The level of data protection is assessed by the Commission itself. For example, the US under Privacy Shield ensures enough protection to transfer data there (providing that necessary consent being collected, of course). It’s most likely that the UK won’t be a subject to the European Court of Justice and European Board. Data protection there will be still a market demand to follow security principles.

Curious why? The reason is very simple. If your business partner is in the EU, they have probably already prepared things like risk assessment, data processing registrar or any similar. Consequently, if you wish to deliver value to such a business, you need to follow the same regulations and share the same principles.

Should we care about GDPR compliance then?

The best tip I can give you now is to be up-to-date with the EU – UK arrangements and actively check what decisions are being made so that you are aware of potential further consent clauses to be added once the UK leaves the EU.

Under EU law, all non-EU companies need to be represented within the EU, and in fact, such companies are – have a quick look at Google or Facebook all with facilities and storage centers within the EU. When it comes to Brexit and Data Safety the most difficult is to switch from requirements that apply to EU countries, with the UK being excluded from this.

It is also important to remember that the UK implements its own data safety rules which you should pay some attention to if the country is in the field of your interest. For example, data safety breach may be reported to a UK institution and EU only if EU law still applies.

Learn more about these and similar cold email regulations here:

What now?

Do you have some Brexit-related questions? Find out more about Brexit from our recent webinar GDPR 2019 update.

Do you have any other suggestions for a webinar? Pitch them in the comments.